New Malware Threat in Latest Versions of CPU-Z and HWMonitor Software

Recent reports indicate that two widely-used hardware monitoring applications have been compromised and flagged by antivirus software for containing malware.

HWMonitor 1.63 and CPU-Z: Malware Alerts Spark User Concerns

Users across social media platforms have expressed alarm concerning HWMonitor and CPU-Z, two popular utilities for monitoring hardware performance. Many individuals attempting to download the latest versions of these programs have faced warnings from antivirus software about suspicious installers, raising significant concerns regarding the safety of their systems.

The initial outcry originated on Reddit, where users described receiving unexpected executable files while trying to access the official download links. For instance, a user identified as u/DMkiller reported that while attempting to update HWMonitor from version 1.42 to 1.63, he noticed the file labeled as “HWiNFO_Monitor_Setup.exe“instead of the expected “hwmonitor_1.62“.This discrepancy immediately raised red flags.

Upon downloading the file, Windows Defender directly flagged it as malicious. Ignoring the warning, the user encountered an unwanted installation of a Russian program, which he fortunately halted in time. A subsequent check on VirusTotal revealed a troubling outcome, with 32 out of 71 security vendors identifying the file as harmful.

Numerous users echoed similar experiences, highlighting a worrisome trend that could expose millions of PCs to data theft and other cyber threats. Independent cybersecurity sources have corroborated these reports, with the monitoring group vx-underground affirming that this incident involves a multi-stage trojan, stemming from a compromised domain.

Mr. Titus Tech is correct.cpuid-dot-com is indeed delivering malware right now. As I began poking this with I stick I discovered this is not your typical run-of-the-mill malware. This malware is deeply trojanized, distributes from a compromised domain (cpuid-dot-com), performs… https://t.co/ubkXmG7LKV pic.twitter.com/jPlAMmpijN

— vx-underground (@vxunderground) April 10, 2026

Additional users have reported receiving erroneous filenames along with antivirus warnings, further substantiating the claim that these utilities have been compromised. In response, Samuel Demeulemeester, the developer behind CPU-Z and HWMonitor, confirmed that ongoing investigations are revealing the core binaries were not modified. Instead, a secondary feature linked to the website experienced a compromise lasting nearly six hours.

We strongly advise readers against downloading these utilities until the malware issue has been resolved. If you have previously installed them, it is safer to refrain from updating any existing versions.

For additional information, refer to the original reports on Reddit.

Source & Images